Critical Incident: London Hospitals Cyber Attack

June 5, 2024

A critical incident has been declared after a number of London hospitals were disrupted following a ransomware attack. The incident occurred when allegedly a third-party provider of pathology services, Synnovis, experienced a major IT incident impacting their systems. King’s College Hospital, Guy’s and St Thomas’, the Royal Brompton and the Evelina London Children’s hospital, as well as primary care services were affected by the incident. [1]

The attack occurred on Monday and resulted in a disruption of blood transfusions and test results. This led to operations and procedures being cancelled or redirected to other NHS hospitals and providers. A statement from the NHS reads “We are working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Centre and our Cyber Operations team.”. [2]

Ransomware incidents have become increasingly common since 2019. According to data from The Information Commissioner’s Office there have been 215 ransomware incidents affecting the health sector since January 2019. [3] Ransomware attacks against healthcare providers can be especially significant due to the confidential nature of sensitive patient data being stolen and sold on the dark web. Furthermore, as allegedly seen in this incident, a ransomware attack can have a devastating impact on healthcare services, including operations and emergency procedures.

Primary care services were also allegedly affected by the ransomware attack. Including GP services located in Lewisham, Greenwich, Bexley, Bromley, Southwark and Lambeth.

The third-party provider, Synnovis, has issued a satement from their chief executive Mark Dollar stating the incident “has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.”.

The statement continues “We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be. This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.” [4]

Ransomware threat actors continue to target companies across the UK. Ciaran Martin, the former chief executive of the National Cyber Security Centre told the BBC Radio 4 Today programme "we believe it is a Russian group of cyber criminals who call themselves Qilin.". He added the group operated “freely from within Russia” and were “simply looking for money” and “the priority is the restoration of services.”. [5]

This ransomware incident is an important reminder of the affects that an attack on a third-party can have. Serious cybersecurity ransomware incidents such as this demonstrate the risks associated to organisations and the nature of our increasingly interconnected infrastructure and systems.

Black Room Intelligence has a specific focus on protecting UK organisations and provides an extensive third-party monitoring solution to detect and mitigate attacks against third parties. Our Russia and Asia Desks include analysts with significant language and geopolitical expertise, with the cybersecurity knowledge to follow ransomware trends and developments.

References

1. Cyber incident over London hospital’ cyber-attack. BBC. 2024 June 4. Available from: https://www.bbc.co.uk/news/articles/c288n8rkpvno

2. NHS London statement on Synnovis ransomware cyber attack. NHS. 2024 June 4. Available from: https://www.england.nhs.uk/london/2024/06/04/nhs-london-statement-on-synnovis-ransomware-cyber-attack/

3. Data security incident trends. ICO. 2024 April 15. Available from: https://ico.org.uk/action-weve-taken/data-security-incident-trends/

4. Synnovis’ statement on this week’s cyberattack. Synnovis. 2024 June 4. Available from: https://www.synnovis.co.uk/news-and-press/synnovis-cyberattack

5. ‘Russian criminals’ behind hospitals cyber attack. BBC. June 5. Available from: https://www.bbc.co.uk/news/articles/cxee7317kgmo

Experienced Analysts
+
Best of Breed Data Feeds
=
Exceptional Insights
Transform your ability to identify and monitor dark web threat actors today.

Speak to an expert
Services BlogCareersAboutContact
Black Room Intelligence is a cyber threat intelligence company with considerable expertise in a wide range of industries. Our experienced analysts and linguists offer a range of insights and monitoring that can help you understand and combat a variety of cyber threats including sophisticated disinformation campaigns.

Registered in England and Wales (number 14885394) whose registered office is at 20-22 Wenlock Road, London, N1 7GU.

Address: 20-22 Wenlock Road, London, N1 7GU

Email: contact@blackroomintelligence.comPhone: +44 (0) 208 058 2971Linkedin: linkedin.com/black-room-intel
Copyright © 2025 Black Room Intel Ltd